Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Sep 26 06:31:31 UTC 2013
The following Fedora 18 Security updates need testing:
Age URL
159 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
71 https://admin.fedoraproject.org/updates/FEDORA-2013-13131/livecd-tools-18.17-1.fc18
55 https://admin.fedoraproject.org/updates/FEDORA-2013-14005/zabbix-2.0.6-3.fc18
42 https://admin.fedoraproject.org/updates/FEDORA-2013-14794/filezilla-3.7.3-1.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17047/xulrunner-24.0-2.fc18,firefox-24.0-1.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17112/hplip-3.13.9-2.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17016/icedtea-web-1.4.1-0.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-17305/libvirt-0.10.2.8-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-17366/seamonkey-2.21-1.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-17375/xpdf-3.03-8.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-17443/ReviewBoard-1.7.14-1.fc18,python-djblets-0.7.18-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17649/rubygems-1.8.25-8.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
228 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
12 https://admin.fedoraproject.org/updates/FEDORA-2013-16676/gnome-abrt-0.3.1-1.fc18,abrt-2.1.7-1.fc18,libreport-2.1.7-1.fc18,satyr-0.9-1.fc18
10 https://admin.fedoraproject.org/updates/FEDORA-2013-16816/gdisk-0.8.7-2.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-17013/device-mapper-persistent-data-0.2.7-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-17371/ibus-1.5.4-1.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-17583/rtkit-0.11-7.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-17624/selinux-policy-3.11.1-104.fc18
The following builds have been pushed to Fedora 18 updates-testing
graphite-web-0.9.12-3.fc18
libuv-0.10.17-1.fc18
mfiler4-1.2.6-1.fc18
munin-2.0.17-6.fc18
nodejs-0.10.19-1.fc18
python-bucky-0.2.6-3.fc18
python-carbon-0.9.12-2.fc18
qt5-qtbase-5.1.1-5.fc18
rubygems-1.8.25-8.fc18
selinux-policy-3.11.1-104.fc18
telepathy-gabble-0.16.7-1.fc18
wireshark-1.10.2-4.fc18
xyzsh-1.5.1-1.fc18
Details about builds:
================================================================================
graphite-web-0.9.12-3.fc18 (FEDORA-2013-17597)
A Django webapp for enterprise scalable realtime graphing
--------------------------------------------------------------------------------
Update Information:
Tested against ami-05355a6c.
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
Don't ship js/ext/resources/*.swf (RHBZ#1000253)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-3
- Reorder Requires conditionals to fix amzn1 issues (RHBZ#1007300)
- Ensure python-whisper is also updated
* Tue Sep 17 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-2
- Don't ship js/ext/resources/*.swf (RHBZ#1000253)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007300 - Installation on AWS (CentOS) fails
https://bugzilla.redhat.com/show_bug.cgi?id=1007300
[ 2 ] Bug #1000253 - graphite-web contains bundled Flash files
https://bugzilla.redhat.com/show_bug.cgi?id=1000253
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.17-1.fc18 (FEDORA-2013-17654)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
2013.09.24, node.js Version 0.10.19 (Stable)
* readline: handle input starting with control chars (Eric Schrock)
* configure: add mips-float-abi (soft, hard) option (Andrei Sedoi)
* stream: objectMode transforms allow falsey values (isaacs)
* tls: prevent duplicate values returned from read (Nathan Rajlich)
* tls: NPN protocols are now local to connections (Fedor Indutny)
2013.09.25, libuv Version 0.10.17 (Stable)
* build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis)
* darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.17-1
- new upstream release 0.10.17
https://github.com/joyent/libuv/blob/v0.10.17/ChangeLog
--------------------------------------------------------------------------------
================================================================================
mfiler4-1.2.6-1.fc18 (FEDORA-2013-17621)
2 pane file manager with a embedded shell
--------------------------------------------------------------------------------
Update Information:
New version 1.2.6 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.2.6-1
- 1.2.6
--------------------------------------------------------------------------------
================================================================================
munin-2.0.17-6.fc18 (FEDORA-2013-17634)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
BZ# 989080 Add a missing requirement on crontabs to spec file
BZ# 993985: munin possibly affected by F-20 unversioned docdir change
Move Net::IP plugins to a subpackage for dep handling
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 D. Johnson <fenris02 at fedoraproject.org> - 2.0.17-6
- Move Net::IP plugins to a subpackage for dep handling
* Fri Aug 16 2013 D. Johnson <fenris02 at fedoraproject.org> - 2.0.17-5
- BZ# 993985: munin possibly affected by F-20 unversioned docdir change
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Aug 1 2013 Petr Pisar <ppisar at redhat.com> - 2.0.17-3
- Perl 5.18 rebuild
* Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg at fedoraproject.org> - 2.0.17-2
- BZ# 989080 Add a missing requirement on crontabs to spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #989080 - Add a missing requirement on crontabs for the cron job to the spec file
https://bugzilla.redhat.com/show_bug.cgi?id=989080
[ 2 ] Bug #993985 - munin possibly affected by F-20 unversioned docdir change
https://bugzilla.redhat.com/show_bug.cgi?id=993985
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.19-1.fc18 (FEDORA-2013-17654)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
2013.09.24, node.js Version 0.10.19 (Stable)
* readline: handle input starting with control chars (Eric Schrock)
* configure: add mips-float-abi (soft, hard) option (Andrei Sedoi)
* stream: objectMode transforms allow falsey values (isaacs)
* tls: prevent duplicate values returned from read (Nathan Rajlich)
* tls: NPN protocols are now local to connections (Fedor Indutny)
2013.09.25, libuv Version 0.10.17 (Stable)
* build: remove GCC_WARN_ABOUT_MISSING_NEWLINE (Ben Noordhuis)
* darwin: fix 10.6 build error in fsevents.c (Ben Noordhuis)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.10.19-1
- new upstream release 0.10.19
http://blog.nodejs.org/2013/09/24/node-v0-10-19-stable/
--------------------------------------------------------------------------------
================================================================================
python-bucky-0.2.6-3.fc18 (FEDORA-2013-17652)
CollectD and StatsD adapter for Graphite
--------------------------------------------------------------------------------
Update Information:
Update requires (RHBZ#953834), adding python-setuptools
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Add dependency on collectd and update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
Update to 0.2.6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-3
- Update requires (RHBZ#953834), adding python-setuptools
* Thu Sep 19 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-2
- Update requires (RHBZ#953834)
* Tue Sep 17 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.2.6-1
- Update to 0.2.6
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #953834 - missing dependencies python-setuptools collectd
https://bugzilla.redhat.com/show_bug.cgi?id=953834
--------------------------------------------------------------------------------
================================================================================
python-carbon-0.9.12-2.fc18 (FEDORA-2013-17606)
Back-end data caching and persistence daemon for Graphite
--------------------------------------------------------------------------------
Update Information:
Add strict python-whisper Requires (RHBZ#1010432), Don't cleanup user and user data on package remove (RHBZ#1010430)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Jonathan Steffan <jsteffan at fedoraproject.org> - 0.9.12-2
- Add strict python-whisper Requires (RHBZ#1010432)
- Don't cleanup user and user data on package remove (RHBZ#1010430)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1010432 - python-carbon-0.9.12 should require python-whisper >= 0.9.12
https://bugzilla.redhat.com/show_bug.cgi?id=1010432
[ 2 ] Bug #1010430 - python-carbon deletes user-created data on uninstall; shouldn't per packaging guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=1010430
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.1.1-5.fc18 (FEDORA-2013-17626)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
fix big endian builds
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Dan Horák <dan[at]danny.cz> - 5.1.1-5
- fix big endian builds
* Wed Sep 11 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-4
- macros.qt5: use newer location, use unexpanded macros
* Sat Sep 7 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-3
- ExcludeArch: ppc64 ppc (#1005482)
* Fri Sep 6 2013 Rex Dieter <rdieter at fedoraproject.org> 5.1.1-2
- BR: pkgconfig(libudev) pkgconfig(xkbcommon) pkgconfig(xcb-xkb)
--------------------------------------------------------------------------------
================================================================================
rubygems-1.8.25-8.fc18 (FEDORA-2013-17649)
The Ruby standard for packaging ruby libraries
--------------------------------------------------------------------------------
Update Information:
Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as CVE-2013-4363.
A packaging bug was found that a directory was not properly owned.
This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 23 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.8.25-8
- Patch for CVE-2013-4363
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.11.1-104.fc18 (FEDORA-2013-17624)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Miroslav Grepl <mgrepl at redhat.com> 3.10.1-104
- Add back selinux-policy-{minimum,mls} pkgs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004075 - SELinux is preventing /usr/bin/htop from using the 'getsched' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1004075
[ 2 ] Bug #1009273 - SELinux is preventing /usr/sbin/nginx from 'append' accesses on the file /srv/www/etcspl/logs/error.log.
https://bugzilla.redhat.com/show_bug.cgi?id=1009273
[ 3 ] Bug #1011108 - cannot update to selinux-policy-3.11.1-103.fc18
https://bugzilla.redhat.com/show_bug.cgi?id=1011108
--------------------------------------------------------------------------------
================================================================================
telepathy-gabble-0.16.7-1.fc18 (FEDORA-2013-17592)
A Jabber/XMPP connection manager
--------------------------------------------------------------------------------
Update Information:
Latest stable relese that improves interoperability with Facebook's XMPP server.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Brian Pepple <bpepple at fedoraproject.org> - 0.16.7-1
- Update to 0.16.7.
--------------------------------------------------------------------------------
================================================================================
wireshark-1.10.2-4.fc18 (FEDORA-2013-17635)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
dumpcap now stores temporary capture files in /var/tmp
* Convert automake/pkgconfig files into patches (better upstream integration)
* Restored category in the *.desktop file
* Install another one necessary header file - frame_data_sequence.h
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Enhance desktop integration (*.desktop and MIME-related files)
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Enhance desktop integration (*.desktop and MIME-related files)
* Add basic OpenFlow dissector
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Ver. 1.10.1
fix missing ws_symbol_export.h
* Ver. 1.10.2
* Various security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 24 2013 Peter Hatina <phatina at redhat.com> - 1.10.2-4
- move default temporary directory to /var/tmp
* Thu Sep 12 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10.2-3
- Fix building on Fedora 18 (no perl-podlators)
* Thu Sep 12 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10.2-2
- Add an OpenFlow dissector
* Wed Sep 11 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10-2-1
- Ver. 1.10.2
- Actually remove the console helper
* Mon Sep 9 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10.1-1
- Ver. 1.10.1
- Backported rtpproxy dissector module
* Wed Sep 4 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-11
- fix missing ws_symbol_export.h
* Wed Sep 4 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-10
- fix tap iostat overflow
* Wed Sep 4 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-9
- fix sctp bytes graph crash
* Wed Sep 4 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-8
- fix string overrun in plugins/profinet
* Tue Sep 3 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-7
- fix BuildRequires - libgcrypt-devel
* Tue Sep 3 2013 Peter Hatina <phatina at redhat.com> - 1.10.0-6
- fix build parameter -fstack-protector-all
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jun 24 2013 Peter Hatina <phatina at redhat.com> 1.10.0-4
- fix pod2man build error
* Mon Jun 24 2013 Peter Hatina <phatina at redhat.com> 1.10.0-3
- fix bogus date
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #990155 - CVE-2013-4920 wireshark: DoS (application crash) in the P1 dissector (wnpa-sec-2013-42)
https://bugzilla.redhat.com/show_bug.cgi?id=990155
[ 2 ] Bug #990156 - CVE-2013-4921 wireshark: Off-by-one (application crash) in the Radiotap dissector (wnpa-sec-2013-43)
https://bugzilla.redhat.com/show_bug.cgi?id=990156
[ 3 ] Bug #990157 - CVE-2013-4922 wireshark: Double-free in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990157
[ 4 ] Bug #990160 - CVE-2013-4923 wireshark: Memory leak (DoS, memory consumption) in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990160
[ 5 ] Bug #990163 - CVE-2013-4924 wireshark: Assertion failure in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990163
[ 6 ] Bug #990164 - CVE-2013-4925 wireshark: Integer signedness error in the DCOM ISystemActivator dissector (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990164
[ 7 ] Bug #990165 - CVE-2013-4926 wireshark: DoS in the DCOM ISystemActivator dissector due improper remaining data to process presence check (wnpa-sec-2013-44)
https://bugzilla.redhat.com/show_bug.cgi?id=990165
[ 8 ] Bug #990166 - CVE-2013-4927 wireshark: Integer signedness error in the Bluetooth SDP dissector (wnpa-sec-2013-45)
https://bugzilla.redhat.com/show_bug.cgi?id=990166
[ 9 ] Bug #972679 - CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32)
https://bugzilla.redhat.com/show_bug.cgi?id=972679
[ 10 ] Bug #972680 - CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)
https://bugzilla.redhat.com/show_bug.cgi?id=972680
[ 11 ] Bug #972681 - CVE-2013-4076 wireshark: Invalid free in the PPP dissector (wnpa-sec-2013-34)
https://bugzilla.redhat.com/show_bug.cgi?id=972681
[ 12 ] Bug #972682 - CVE-2013-4077 wireshark: Array index error in the NBAP dissector (wnpa-sec-2013-35)
https://bugzilla.redhat.com/show_bug.cgi?id=972682
[ 13 ] Bug #972683 - CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector (wnpa-sec-2013-36)
https://bugzilla.redhat.com/show_bug.cgi?id=972683
[ 14 ] Bug #972684 - CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH dissector (wnpa-sec-2013-37)
https://bugzilla.redhat.com/show_bug.cgi?id=972684
[ 15 ] Bug #972685 - CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the Assa Abloy R3 dissector (wnpa-sec-2013-38)
https://bugzilla.redhat.com/show_bug.cgi?id=972685
[ 16 ] Bug #972686 - CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)
https://bugzilla.redhat.com/show_bug.cgi?id=972686
[ 17 ] Bug #972687 - CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia IxVeriWave file parser (wnpa-sec-2013-40)
https://bugzilla.redhat.com/show_bug.cgi?id=972687
[ 18 ] Bug #972688 - CVE-2013-4083 wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41)
https://bugzilla.redhat.com/show_bug.cgi?id=972688
[ 19 ] Bug #990167 - CVE-2013-4928 wireshark: Integer signedness error in the Bluetooth OBEX dissector (wnpa-sec-2013-46)
https://bugzilla.redhat.com/show_bug.cgi?id=990167
[ 20 ] Bug #990168 - CVE-2013-4929 wireshark: DoS (infinite loop) in the DIS dissector (wnpa-sec-2013-47)
https://bugzilla.redhat.com/show_bug.cgi?id=990168
[ 21 ] Bug #990169 - CVE-2013-4930 wireshark: Assertion failure in the DVB-CI dissector (wnpa-sec-2013-48)
https://bugzilla.redhat.com/show_bug.cgi?id=990169
[ 22 ] Bug #990170 - CVE-2013-4931 wireshark: DoS (infinite loop) in the GSM RR dissector (wnpa-sec-2013-49)
https://bugzilla.redhat.com/show_bug.cgi?id=990170
[ 23 ] Bug #990172 - CVE-2013-4932 wireshark: Multiple array index errors in the GSM A Common dissector (wnpa-sec-2013-50)
https://bugzilla.redhat.com/show_bug.cgi?id=990172
[ 24 ] Bug #990175 - CVE-2013-4933 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51)
https://bugzilla.redhat.com/show_bug.cgi?id=990175
[ 25 ] Bug #990178 - CVE-2013-4934 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933)
https://bugzilla.redhat.com/show_bug.cgi?id=990178
[ 26 ] Bug #990179 - CVE-2013-4935 wireshark: DoS (application crash) in the ASN.1 PER dissector (wnpa-sec-2013-52)
https://bugzilla.redhat.com/show_bug.cgi?id=990179
[ 27 ] Bug #965111 - wireshark: DoS (infinite loop) in the MySQL dissector (wnpa-sec-2013-30, upstream #8458)
https://bugzilla.redhat.com/show_bug.cgi?id=965111
[ 28 ] Bug #965190 - CVE-2013-3559 wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541)
https://bugzilla.redhat.com/show_bug.cgi?id=965190
[ 29 ] Bug #965192 - CVE-2013-3558 wireshark: DoS (crash) in the PPP CCP dissector (wnpa-sec-2013-26, upstream #8638)
https://bugzilla.redhat.com/show_bug.cgi?id=965192
[ 30 ] Bug #965193 - CVE-2013-3557 wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)
https://bugzilla.redhat.com/show_bug.cgi?id=965193
[ 31 ] Bug #965194 - CVE-2013-3555 wireshark: DoS (crash) in the GTPv2 dissector (wnpa-sec-2013-24, upstream #8493)
https://bugzilla.redhat.com/show_bug.cgi?id=965194
[ 32 ] Bug #965195 - wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546)
https://bugzilla.redhat.com/show_bug.cgi?id=965195
[ 33 ] Bug #965110 - wireshark: DoS (large loop) in the ETCH dissector (wnpa-sec-2013-31, upstream #8464)
https://bugzilla.redhat.com/show_bug.cgi?id=965110
[ 34 ] Bug #965112 - CVE-2013-3562 wireshark: DoS (stack overflow, crash) in the Websocket dissector (wnpa-sec-2013-29, upstream #8448, #8499)
https://bugzilla.redhat.com/show_bug.cgi?id=965112
[ 35 ] Bug #965186 - CVE-2013-3560 wireshark: DoS (crash) in the MPEG DSM-CC dissector (wnpa-sec-2013-28, upstream #8481)
https://bugzilla.redhat.com/show_bug.cgi?id=965186
--------------------------------------------------------------------------------
================================================================================
xyzsh-1.5.1-1.fc18 (FEDORA-2013-17641)
Interactive shell and text processing tool
--------------------------------------------------------------------------------
Update Information:
New version 1.5.1 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.5.1-1
- 1.5.1
--------------------------------------------------------------------------------
More information about the test
mailing list